AI description
CVE-2024-11859 is a DLL Search Order Hijacking vulnerability. It potentially allows an attacker with administrator privileges to load a malicious dynamic-link library (DLL) and execute its code within the context of a vulnerable application. Specifically, this vulnerability has been found to affect ESET security products. By exploiting this flaw, attackers can plant a malicious DLL that is then executed by the ESET antivirus scanner, allowing unauthorized code to run silently, bypassing standard system warnings and activity logs.
- Description: DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
- Source: security@eset.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 6.8
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
- security@eset.com: CWE-427
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
⚡ New Malware Alert! Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB bypassing defenses and hijacking devices. Update now | Stay alert. https://t.co/qm3HYNp4xc
@achi_tech
15 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-11859
@transilienceai
15 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📷"Even antivirus companies... get breached!" "Yes, I'm talking about ESET" 📷"A Chinese hacker group used the CVE-2024-11859 vulnerability in ESET Command Line Scanner" "to slip in a new malware called TCESB undetected!" https://t.co/oK4IxigTac
@Reporterfootba
12 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11859 #ESET #ToddyCat https://t.co/JEtRrmDLLg
@skocherhan
9 Apr 2025
175 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
ToddyCat exploits a vulnerability in ESET to evade security systems. Cybersecurity, apt, byovd, china, CVE-2024-11859, DLL proxying, ESET, cyber warfare, malware, ToddyCat, vulnerability, windows https://t.co/jCm4YuVVQS https://t.co/PWEpEcTRWO
@matricedigitale
9 Apr 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new malware, TCESB, delivered by the Chinese-linked ToddyCat, exploits a flaw in ESET software, bypassing defenses via DLL hijacking. ESET has patched the vulnerability (CVE-2024-11859). 🚨 #ESET #China #Malware link: https://t.co/Jz2lW3vNd6 https://t.co/VIBJxY0wmO
@TweetThreatNews
9 Apr 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns A vulnerability in ESET antivirus (CVE-2024-11859) allowed malicious code execution via its scanning engine. https://t.co/t4F0ePj7PF #dwobservatory #dwnews #digwatch
@DigWatchWorld
9 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡ New Malware Alert! Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB — bypassing defenses and hijacking devices. Update now | Stay alert. Details 👉https://t.co/nI99Rn0P60
@TheHackersNews
9 Apr 2025
13713 Impressions
28 Retweets
55 Likes
9 Bookmarks
0 Replies
1 Quote
ToddyCat attackers exploited by running their tool in the context of a security solution. (CVE-2024-11859 vulnerability in ESET Command line scanner) https://t.co/5YslEK2vbN https://t.co/p2m8APe07j
@blackorbird
9 Apr 2025
2353 Impressions
17 Retweets
28 Likes
5 Bookmarks
0 Replies
0 Quotes
A medium-severity vulnerability (CVE-2024-11859) in ESET antivirus lets hackers plant malicious DLLs undetected. ESET has released a fix. Attack linked to the ToddyCat group. 🔒🛡️ #ESET #ToddyCat #Ukraine link: https://t.co/V8uzm7X3Hx https://t.co/NowOxgJSys
@TweetThreatNews
8 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ToddyCat APT targets an ESET bug to silently load malware (CVE-2024-11859) https://t.co/m67IFgNBNO #security #セキュリティ #ニュース
@SecureShield_
8 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11859 🟠 MEDIUM (6.8) 🏢 ESET, spol. s r.o. - ESET NOD32 Antivirus 🏗️ 0 🔗 https://t.co/3ZeqEcUUTg #CyberCron #VulnAlert #InfoSec https://t.co/C8dE2GZlQb
@cybercronai
8 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ToddyCat APT Abuses ESET CLI Scanner to Evade Detection CVE-2024-11859 🔍 Attackers exploited insecure DLL loading in ESET’s ecls.exe to stealthily execute malware via DLL proxying. 🛡️ Malware TCESB used EDRSandBlast BYOVD w/ a vulnerable Dell driver to disable system https
@CareWeDoNot
8 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ToddyCat APT abuses ESET scanner (CVE-2024-11859) to hide malware—bypasses security via trusted process injection. Active attacks: https://t.co/FzgTAvJpSV #CyberEspionage
@adriananglin
8 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The ToddyCat APT group has unleashed TCESB, a sophisticated malware using DLL proxying to evade detection on Windows. CVE-2024-11859 vulnerability found in ESET's scanner. 🛡️💻 #MalwareAttack #ESET #USA link: https://t.co/Ey0vVZI6tn https://t.co/2RIpUuxSff
@TweetThreatNews
7 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11859 DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. https://t.co/mgLvxNNA1e
@CVEnew
7 Apr 2025
279 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes